Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-04-20 20:40:09 |
Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock (lien direct) |
The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity. |
|
|
|
|
2021-04-20 15:59:56 |
GEICO Alerts Customers Hackers Stole Driver License Data for Two Months (lien direct) |
The second-largest auto insurance provider in the U.S. has since fixed the vulnerability that exposed information from its website. |
Vulnerability
|
|
|
|
2021-04-19 19:23:07 |
NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens (lien direct) |
The malware seems like a silly coding lark at first, but further exploration shows it can wreak serious damage in follow-on attacks. |
Malware
|
|
|
|
2021-04-19 18:01:23 |
Ransomware: A Deep Dive into 2021 Emerging Cyber-Risks (lien direct) |
Our new eBook goes beyond the status quo to take a look at the evolution of ransomware and what to prepare for next. |
Ransomware
|
|
|
|
2021-04-19 15:27:38 |
What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisis (lien direct) |
Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses climate change and the cyber-resilience lessons companies should take away from dealing with the pandemic. |
|
|
|
|
2021-04-16 20:27:25 |
BazarLoader Malware Abuses Slack, BaseCamp Clouds (lien direct) |
Two cyberattack campaigns are making the rounds using unique social-engineering techniques. |
Malware
|
|
|
|
2021-04-16 19:19:55 |
iOS Kids Game Morphs into Underground Crypto Casino (lien direct) |
A malicious 'Jungle Run' app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality. |
|
|
|
|
2021-04-16 18:10:09 |
NSA: 5 Security Bugs Under Active Nation-State Cyberattack (lien direct) |
Widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more. |
|
APT 29
|
|
|
2021-04-16 14:02:54 |
Mandiant Front Lines: How to Tackle Exchange Exploits (lien direct) |
Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections. |
|
|
|
|
2021-04-16 12:57:36 |
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period (lien direct) |
The zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes. |
|
|
|
|
2021-04-15 20:09:21 |
Biden Races to Shore Up Power Grid Against Hacks (lien direct) |
A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said. |
|
|
|
|
2021-04-15 16:35:53 |
Gafgyt Botnet Lifts DDoS Tricks from Mirai (lien direct) |
The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices. |
Malware
|
|
|
|
2021-04-15 12:19:13 |
Attackers Target ProxyLogon Exploit to Install Cryptojacker (lien direct) |
Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered. |
Threat
|
|
|
|
2021-04-14 20:56:27 |
Security Bug Allows Attackers to Brick Kubernetes Clusters (lien direct) |
The vulnerability is triggered when a cloud container pulls a malicious image from a registry. |
Vulnerability
|
Uber
|
|
|
2021-04-14 19:55:41 |
Ransomware Attack Creates Cheese Shortages in Netherlands (lien direct) |
Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw. |
|
|
|
|
2021-04-14 17:31:13 |
FBI Clears ProxyLogon Web Shells from Hundreds of Orgs (lien direct) |
In a veritable cyber-SWAT action, the Feds remotely removed the infections without warning businesses beforehand. |
|
|
|
|
2021-04-14 17:21:54 |
A Post-Data Privacy World and Data-Rights Management (lien direct) |
Joseph Carson, chief security scientist at Thycotic, discusses the death of data privacy and what comes next. |
|
|
|
|
2021-04-14 14:48:27 |
100,000 Google Sites Used to Install SolarMarket RAT (lien direct) |
Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains. |
|
|
|
|
2021-04-14 12:46:33 |
Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes (lien direct) |
Microsoft fixes 110 vulnerabilities, with 19 classified as critical and another flaw under active attack. |
|
|
|
|
2021-04-13 21:03:41 |
How the NAME:WRECK Bugs Impacts Consumers, Businesses (lien direct) |
How this class of vulnerabilities will impact millions connected devices and potentially wreck the day of IT security professionals. |
|
|
|
|
2021-04-13 20:24:15 |
COVID-Related Threats, PowerShell Attacks Lead Malware Surge (lien direct) |
Researchers measured 648 new malware threats every minute during Q4 2020. |
Malware
|
|
|
|
2021-04-13 18:29:33 |
Tax Phish Swims Past Google Workspace Email Security (lien direct) |
Crooks are looking to harvest email credentials with a savvy campaign that uses the Typeform service to host the phishing page. |
|
|
|
|
2021-04-13 16:40:49 |
Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop (lien direct) |
The security bugs could open the door for arbitrary code-execution and full takeover of targeted machines. |
|
|
|
|
2021-04-13 13:40:51 |
Chrome Zero-Day Exploit Posted on Twitter (lien direct) |
An update to Google's browser that fixes the flaw is expected to be released on Tuesday. |
|
|
|
|
2021-04-12 20:18:18 |
1.3M Clubhouse Users\' Data Dumped in Hacker Forum for Free (lien direct) |
Clubhouse denies it was 'breached' and says the data is out there for anyone to grab. |
|
|
|
|
2021-04-12 20:01:44 |
Man Arrested for AWS Bomb Plot (lien direct) |
A man caught in an FBI sting said he wanted to destroy "70 percent of the internet" by going after the tech giant's data centers. |
|
|
|
|
2021-04-12 18:14:35 |
Zero Trust: The Mobile Dimension (lien direct) |
Hank Schless, senior security solutions manager at Lookout, discusses how to secure remote working via mobile devices. |
|
|
|
|
2021-04-12 18:12:04 |
IcedID Circulates Via Web Forms, Google URLs (lien direct) |
Attackers are filling out and submitting web-based "contact us" forms, thus evading email spam filters. |
Spam
|
|
|
|
2021-04-09 20:54:31 |
DOJ: Creep Coach Finagles Nude Athlete Photos (lien direct) |
Allegedly perv college coach charged with cyberstalking and extorting nudes from his female athletes. |
|
|
|
|
2021-04-09 18:40:48 |
623M Payment Cards Stolen from Cybercrime Forum (lien direct) |
The database was subsequently leaked elsewhere, imperiling consumers from the U.S. and around the world. |
|
|
|
|
2021-04-09 15:40:59 |
Network Detection & Response: The Next Frontier in Fighting the Human Problem (lien direct) |
Justin Jett, director of audit and compliance for Plixer, discusses the transformation of network-traffic analytics and what it means for cybersecurity now. |
|
|
|
|
2021-04-09 14:06:24 |
Data from 500M LinkedIn Users Posted for Sale Online (lien direct) |
Like the Facebook incident earlier this week, the information - including user profile IDs, email addresses and other PII -- was scraped from the social-media platform. |
|
|
|
|
2021-04-08 21:17:02 |
Adware Spreads via Fake TikTok App, Laptop Offers (lien direct) |
Cybercriminals are encouraging users to send the "offers" via WhatsApp to their friends as well. |
|
|
|
|
2021-04-08 21:07:47 |
Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers (lien direct) |
Cisco says it will not patch three small business router models and one VPN firewall device with critical vulnerabilities. |
|
|
|
|
2021-04-08 20:00:17 |
IcedID Banking Trojan Surges: The New Emotet? (lien direct) |
A widespread email campaign using malicious Microsoft Excel attachments and Excel 4 macros is delivering IcedID at high volumes, suggesting it's filling the Emotet void. |
|
|
|
|
2021-04-08 14:12:46 |
Azure Functions Weakness Allows Privilege Escalation (lien direct) |
Microsoft's cloud-container technology allows attackers to directly write to files, researchers said. |
|
|
|
|
2021-04-08 14:00:32 |
Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks (lien direct) |
Industrial enterprises in Europe are target of campaign, which forced a shutdown of industrial processes in at least one of its victims' networks, according to researchers. |
Ransomware
|
|
|
|
2021-04-07 20:50:39 |
Attackers Blowing Up Discord, Slack with Malware (lien direct) |
One Discord network search turned up 20,000 virus results, researchers found. |
Malware
|
|
|
|
2021-04-07 17:57:20 |
Crossing the Line: When Cyberattacks Become Acts of War (lien direct) |
Saryu Nayyar, CEO at Gurucul, discusses the new Cold War and the potential for a cyberattack to prompt military action. |
|
|
|
|
2021-04-07 16:47:11 |
Fake Netflix App on Google Play Spreads Malware Via WhatsApp (lien direct) |
The wormable malware spread from Android to Android by sending messages offering free Netflix Premium for 60 days. |
Malware
|
|
|
|
2021-04-07 13:00:27 |
Facebook: Stolen Data Scraped from Platform in 2019 (lien direct) |
The flaw that caused the leak of personal data of more than 533 million users over the weekend no longer exists; however, the social media giant still faces an investigation by EU regulators. |
|
|
★★★
|
|
2021-04-06 20:55:47 |
Critical Cloud Bug in VMWare Carbon Black Allows Takeover (lien direct) |
CVE-2021-21982 affects a platform designed to secure private clouds, and the virtual servers and workloads that they contain. |
|
|
|
|
2021-04-06 20:54:54 |
Chinese Hackers Selling Intimate Stolen Camera Footage (lien direct) |
A massive operation offers access to hacked camera feeds in bedrooms and at hotels. |
|
|
|
|
2021-04-06 18:47:57 |
SAP Bugs Under Active Cyberattack, Causing Widespread Compromise (lien direct) |
Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further. |
|
|
|
|
2021-04-06 13:59:11 |
Conti Gang Demands $40M Ransom from Florida School District (lien direct) |
New details of negotiation between attackers and officials from Broward County Public Schools emerge after a ransomware attack early last month. |
Ransomware
|
|
★★★
|
|
2021-04-05 21:07:42 |
533M Facebook Accounts Leaked Online: Check if You Are Exposed (lien direct) |
An estimated 32 million, of the half-billion of Facebook account details posted online, were tied to US-based accounts. |
|
|
|
|
2021-04-05 21:04:26 |
Spy Operations Target Vietnam with Sophisticated RAT (lien direct) |
Researchers said the FoundCore malware represents a big step forward when it comes to evasion. |
Malware
|
|
|
|
2021-04-05 19:46:18 |
LinkedIn Spear-Phishing Campaign Targets Job Hunters (lien direct) |
Fake job offers lure professionals into downloading the more_eggs backdoor trojan. |
|
|
|
|
2021-04-05 19:10:53 |
Apple Mail Zero-Click Security Vulnerability Allows Email Snooping (lien direct) |
The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached. |
Vulnerability
|
|
|
|
2021-04-05 17:28:13 |
How To Defend the Extended Network Against Web Risks (lien direct) |
Aamir Lakhani, cybersecurity researcher for Fortinet's FortiGuard Labs, discusses criminals flocking to web server and browser attacks, and what to do about it. |
|
|
|